Illustration by Alex Castro / The Verge
TikTok’s Android app collected users’ MAC addresses for 18 months in violation of the platform rules, as discovered by a Wall Street Journal investigation on Tuesday. The addresses would have served as a unique identifier for each user’s device, making them valuable for both advertising and potentially more invasive forms of tracking.
By 2015, both iOS’s App Store and the Google Play Store had banned the collection of MAC addresses as a matter of policy, but TikTok was still able to obtain the identifier through a loophole. A study cited by the Journal found that nearly 350 apps on the Google Play Store had taken advantage of a similar loophole, generally for ad-targeting purposes.
TikTok discontinued the practice in November of last…